Privacy Policy

Last updated: 2026-06-04

The short version

• The desktop app runs on your machine. We never see your code, your brain files, or your Claude Code prompts.
• Brain Dreaming + Ask synth call Anthropic directly from your machine using your own API key. The Anthropic call never proxies through us.
• If you sign in to repoops.ai we store the minimum needed to bill you and run a hosted team (name, email, organization, billing identifiers, hashed device IDs).
• You can export or delete your hosted-account data at any time via /account/export and /account/delete.

1. What we collect

1.1 Desktop app (local only)

Nothing leaves your machine unless you explicitly bind the install to a hosted team. The desktop app reads files under repos you add and writes a local SQLite database in your data directory. No telemetry is transmitted in the default config.

1.2 repoops.ai (hosted)

If you sign in:

• Account fields: name, email, organization name, OAuth provider IDs (Google/GitHub), authentication tokens, billing customer ID.
• Billing: Stripe customer ID, subscription IDs, plan, seat counts, invoice history. Card numbers stay with Stripe.
• Team telemetry (Team/Cloud tier, opt-in): redacted Claude Code session metadata (model, tokens, cost, duration) — never prompts or completions.
• Server-side errors: request URL, error message, stack trace, hashed user ID. Sent to Sentry. No request body, no headers, no cookies.
• Product analytics (opt-in via cookie banner): page views, button clicks, anonymous session IDs. Sent to PostHog.
• Operational logs: Vercel access logs (IP, user agent, response code) retained 30 days for debugging and abuse response.

1.3 Cookies

We use three kinds of cookies. The first kind is set automatically; the third requires your consent via the cookie banner.

• Strictly necessary (session cookie, CSRF token, billing return URL) — exempt from consent under GDPR / PECR.
• Authentication (NextAuth session + refresh) — set after you sign in. Exempt from consent because you explicitly authenticated.
• Product analytics (PostHog) — set only after you accept analytics via the cookie banner. One click rejects all.

2. What we never see

• Your source code.
• The contents of your .claude/brain/ files (unless you opt in to publish a brain page via the L22 surface).
• Your Anthropic prompts or completions.
• Your local Claude Code transcripts.

3. Retention

• Solo (free): account record kept until you delete it.
• Team / Cloud: telemetry retained 90 days; audit log retained 365 days; billing records 7 years (US tax requirement).
• Enterprise: configurable per the DPA.
• Deletion grace period: 30 days after you submit a delete request, during which the action is reversible by emailing support@repoops.ai.

4. Sub-processors

See the Data Processing Agreement for contractual terms with each sub-processor.

5. Your rights (GDPR / UK GDPR / CCPA)

• Access & portability: /account/export returns a JSON dump within minutes.
• Erasure: /account/delete queues a 30-day reversible delete.
• Rectification: edit your name + email at /account.
• Objection / restriction: email support@repoops.ai.
• Complaint: you can lodge a complaint with your local supervisory authority (e.g. ICO in the UK, CNIL in France).

6. International transfers

Our primary infrastructure is in the United States. For EU/UK customers, we rely on the Standard Contractual Clauses (SCCs) included in the DPAand on each sub-processor’s own SCC commitments.

7. Children

RepoOps is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided personal data, email support@repoops.aiand we’ll delete it.

8. Changes

Material changes will be posted here with at least 14 days’ notice to account holders by email.

See also: Terms of Service · Data Processing Agreement · Refund & cancellation policy.